• This repository has been archived on 13/Jan/2023
  • Stars
    star
    5,895
  • Rank 6,863 (Top 0.2 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 10 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Reconnaissance tool for GitHub organizations

Gitrob




Gitrob: Putting the Open Source in OSINT

Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis.

Usage

gitrob [options] target [target2] ... [targetN]

Options

-bind-address string
    Address to bind web server to (default "127.0.0.1")
-commit-depth int
    Number of repository commits to process (default 500)
-debug
    Print debugging information
-github-access-token string
    GitHub access token to use for API requests
-load string
    Load session file
-no-expand-orgs
    Don't add members to targets when processing organizations
-port int
    Port to run web server on (default 9393)
-save string
    Save session to file
-silent
    Suppress all output except for errors
-threads int
    Number of concurrent threads (default number of logical CPUs)

Saving session to a file

By default, gitrob will store its state for an assessment in memory. This means that the results of an assessment is lost when Gitrob is closed. You can save the session to a file by using the -save option:

gitrob -save ~/gitrob-session.json acmecorp

Gitrob will save all the gathered information to the specified file path as a special JSON document. The file can be loaded again for browsing at another point in time, shared with other analysts or parsed for custom integrations with other tools and systems.

Loading session from a file

A session stored in a file can be loaded with the -load option:

gitrob -load ~/gitrob-session.json

Gitrob will start its web interface and serve the results for analysis.

Installation

A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.

Make sure you have a correctly configured Go >= 1.8 environment and that $GOPATH/bin is in your $PATH

$ go get github.com/michenriksen/gitrob

This command will download gitrob, install its dependencies, compile it and move the gitrob executable to $GOPATH/bin.

Github access token

Gitrob will need a Github access token in order to interact with the Github API. Create a personal access token and save it in an environment variable in your .bashrc or similar shell configuration file:

export GITROB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef

Alternatively you can specify the access token with the -github-access-token option, but watch out for your command history!

More Repositories

1

aquatone

A Tool for Domain Flyovers
Go
5,597
star
2

css3buttons

Simple CSS3 framework for creating GitHub-style buttons
CSS
690
star
3

drawio-threatmodeling

Draw.io libraries for threat modeling diagrams
679
star
4

birdwatcher

Data analysis and OSINT framework for Twitter
Ruby
410
star
5

searchpass

A simple tool for offline searching of default credentials for network devices, web applications and more.
Ruby
164
star
6

gokiburi

Automatic test runs for Go projects
JavaScript
139
star
7

bucketlist

Amazon S3 bucket spelunking!
HTML
84
star
8

hibp

A simple tool to check a bunch of email addresses against the Have I Been Pwned API.
Ruby
64
star
9

maltego

Custom Maltego transforms
Python
60
star
10

diceware

Generate secure passphrases with the Diceware method
JavaScript
60
star
11

hackpad

A web application hacker's toolbox. Base64 encoding/decoding, URL encoding/decoding, MD5/SHA1/SHA256/HMAC hashing, code deobfuscation, formatting, highlighting and much more.
JavaScript
47
star
12

nmap-scripts

A collection of Nmap NSE scripts that I made.
Lua
27
star
13

wikiranger

Gather information on Wiki contributions from IP ranges
Ruby
23
star
14

easywins

Probe a web server for common files and endpoints that are useful for gathering information or gaining a foothold.
Ruby
22
star
15

dia-attacktree

Attack Tree modeling sheet for Dia
20
star
16

dolus

Firefox Addon to fool websites with spoofed X-Forwarded-For headers
JavaScript
16
star
17

chart

Command-line tool for rendering bar charts that can be displayed directly in the terminal or in text-based files like Markdown.
Go
16
star
18

tmpl

Simple tmux session management.
Go
13
star
19

nmunch

A passive network discovery tool that finds live network nodes by analyzing ARP and broadcast packets.
Ruby
12
star
20

dia-dfd

DFD diagramming sheet for Dia
9
star
21

michenriksen.github.io

Personal website
SCSS
7
star
22

tatt

A versatile CLI tool that makes it easy to render Go templates with dynamic data from YAML, JSON, or TOML files.
Go
4
star
23

pkgdmp

A simple go code analysis CLI tool.
Go
4
star
24

nvim

My Neovim configuration
Lua
1
star
25

harmfuldotlink

Should I click this link?
JavaScript
1
star